[
https://issues.apache.org/jira/browse/ARTEMIS-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060977#comment-18060977
]
ASF subversion and git services commented on ARTEMIS-5910:
----------------------------------------------------------
Commit 1ba2aca4fe99e40af0534758fd58fe8bc3fedbf6 in artemis-console's branch
refs/heads/main from Domenico Francesco Bruscino
[ https://gitbox.apache.org/repos/asf?p=artemis-console.git;h=1ba2aca ]
ARTEMIS-5910 make web console tabs conditional on permission
Many of the tabs on the web console show up even though the user doesn't
have permission to execute the command corresponding to the tab. For
example the "Connections" tab shows up even though the user can't
execute the `listConnections` management operation.
> Web console tabs no longer respect user permissions
> ---------------------------------------------------
>
> Key: ARTEMIS-5910
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5910
> Project: Artemis
> Issue Type: Bug
> Components: Web Console
> Reporter: Domenico Francesco Bruscino
> Assignee: Domenico Francesco Bruscino
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The fix originally implemented in ARTEMIS-4265 to ensure web console tabs are
> conditionally displayed based on user permissions has regressed in the web
> console released in Apache Artemis 2.40.0. While the original fix
> successfully used RBAC to hide or show UI tabs like Queues, Addresses, and
> Sessions based on a user's specific roles, the web console in version 2.40.0
> no longer honors these security constraints.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
